[messaging] Proof of Transition to keep DNSChain servers honest

Tao Effect contact at taoeffect.com
Wed Mar 25 20:15:55 PDT 2015


(Sent this to [curves] by accident. Meant to send it to [messaging] as this is relevant for key exchange.)

Dionysis Zindros came up with the following mechanism to prevent DNSChain servers from forging blockchain data (copied from our blog post):

3. Use Proof-of-Transition (PoT). PoT is a simple but powerful idea that Dionysis Zindros came up with (which we plan to elaborate on in future work). Briefly: clients store the public key fingerprints of the blockchain transaction that corresponds to a domain. These correspond to the public key that was used to update the blockchain entry. When a new SSL/TLS cert is seen, require DNSChain to provide proof in the form of the transaction(s) that were used to update the blockchain entry. If these transaction(s) were signed by the original public key, we can be assured that DNSChain is not cooking the books.

From "Certificate transparency on blockchains"

https://blog.okturtles.com/2015/03/certificate-transparency-on-blockchains/

Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.
